What's New in vRealize Orchestrator 6.0.3

vRealize Orchestrator 6.0.3 is a patch release that introduces a number of improvements and bug fixes. See Resolved Issues.

Feature and Support Notice

The features listed below are deprecated in vRealize Orchestrator 6.0.3 and scheduled for removal in future releases. None of the deprecated features should be used as part of any vRealize Orchestrator based solution.

LDAP authentication

The Orchestrator configuration interface has been deprecated in vCenter Orchestrator 5.5.1 and it is planned to be removed in the next major release of vRealize Orchestrator. Recommended vRealize Orchestrator configuration should happen through vRealize Orchestrator configuration workflows and vRealize Orchestrator configuration API.

The Orchestrator standalone Windows installer is deprecated and it is planned to be removed in the next major release of vRealize Orchestrator. It is not recommended to use the standalone Windows installer as a part of a Software-Defined Data Center solution.
You can use the PowerShell plug-in with the Orchestrator Appliance to run PowerShell scripts on an external Windows host. See Invoke an External Script.

Deploying the VMware vRealize Orchestrator Appliance 6.0.3

VMware vRealize Orchestrator 6.0.3 is available as a preconfigured virtual appliance. The appliance significantly reduces the time and skills required to deploy vRealize Orchestrator and provides a low-cost alternative to the traditional Windows-based installation.

The Orchestrator Appliance is distributed as an OVF file. It is prebuild and preconfigured with Novell SUSE Linux Enterprise Server, PostgreSQL, and OpenLDAP, and it can be used with vCenter Server 4.1 and later.

The Orchestrator Appliance functionality is suitable for any use case from lab evaluation to large-scale production, when an external database is used. The appliance offers all of the components included in the regular Windows-based installation, along with the flexibility to use either the prebuilt directory services and database, or external ones like Active Directory or Oracle. The Orchestrator appliance is certified to run at the same performance level as the Windows-based installation.

The Orchestrator Appliance is a fast, easy to use, and more affordable way to integrate the VMware cloud stack, including vCenter Server and vCloud Director, with your IT processes and environment.

Upgrading to vRealize Orchestrator 6.0.3

To upgrade to vRealize Orchestrator 6.0.3, you must export your current Orchestrator configuration settings, deploy Orchestrator Appliance 6.0.3, and import the configuration settings.

Important: For security reasons, the password expiry of the root account of the Orchestrator Appliance is set to 365 days. To increase the expiry time for an account, log in to the Orchestrator Appliance as root, and run the following command:

passwd -x number_of_daysname_of_account

To make your Orchestrator Appliance root password last forever, run the following command:

passwd -x 99999 root

Plug-Ins Installed with vRealize Orchestrator 6.0.3

The following plug-ins are installed by default with vRealize Orchestrator 6.0.3:

vRealize Orchestrator vCenter Server Plug-In 6.0.2

vRealize Orchestrator Mail Plug-In 5.5.1

vRealize Orchestrator SQL Plug-In 1.1.4

vRealize Orchestrator SSH Plug-In 7.0.1

vRealize Orchestrator SOAP Plug-In 1.0.4

vRealize Orchestrator HTTP-REST Plug-In 1.0.9

vRealize Orchestrator Plug-In for Microsoft Active Directory 2.0.3

vRealize Orchestrator AMQP Plug-In 1.0.4

vRealize Orchestrator SNMP Plug-In 1.0.3

vRealize Orchestrator PowerShell Plug-In 1.0.7

vRealize Orchestrator Multi-Node Plug-In 6.0.3

vRealize Orchestrator Dynamic Types 1.0.1

Internationalization Support

vRealize Orchestrator 6.0.3 supports internationalization level 1. Although Orchestrator is not localized, it can run on non-English operating systems and supports non-English text.

How to Provide Feedback

Your active feedback over the next few weeks is appreciated. Provide your feedback by:

Support Requests (SRs)

Orchestrator Discussion Forum

Support Requests

File all issues that you find as Support Requests (SRs), even if you report them to VMware by other means.

Go to the Orchestrator configuration interface at https://orchestrator_server_ip_address:8283.

Log in with your username and password.

Click Logs.

Click Generate log report.

Save the generated ZIP file.

Upload the saved ZIP file to VMware Support.

For Orchestrator configuration issues, include an exported configuration file in your SRs. To export your configuration from the Orchestrator configuration interface:

Go to the Orchestrator configuration interface at https://orchestrator_server_ip_address:8283.

Log in with your username and password.

Click General.

Click the Export Configuration tab.

Click Export.

Save the *.vmoconfig file.

Upload the saved files to VMware Support.

Important: Do not export your configuration with a password.

Earlier Releases of vRealize Orchestrator

Features and issues from earlier releases of vRealize Orchestrator are described in the release notes for each release. To review release notes for earlier releases of vRealize Orchestrator, click one of the following links:

Resolved Issues

The HTTP-REST plug-in does not allow HTTP Body data for DELETE calls
You are not able to use an HTTP Body data in a REST Delete request with the HTTP-REST plug-in.

The issue is resolved in this release.

The HTTP-REST plug-in does not support all HTTP methods.

The issue is resolved in this release.

The SOAP plug-in does not support TLS 1.1 and TLS 1.2

The issue is resolved in this release.

When upgrading Orchestrator, configuration files are overwritten
When you upgrade Orchestrator, the upgrade process overwrites log4j.xml, wrapper.conf, wrapper-auto.conf, and network bind information in catalina.properties. Plug-ins are overwritten if a higher version of the plug-in exists in the upgraded Orchestrator.

The issue is resolved in this release.

Orchestrator active nodes become inactive
If there is a database connection failure, the Orchestrator active nodes shutdown and stop processing workflow run requests.

This issue is resolved by providing a retrial algorithm based on cluster configuration. The Orchestrator active node will attempt to reconnect a given number of times and will shut down if the attempts are unsuccessful.

Upload file to datastore workflow might fail with a Connection Reset error.
If you are using the Upload file to datastore workflow, the workflow might fail with a Connection Reset error.

The issue is resolved in this release.

The Back button can only go back 6 times
The Back button can only go back 6 times and then falls into a loop.

The Orchestrator plug-in for vSphere Web Client does not update automatically.
When you update Orchestrator 6.0.1 to version 6.0.2, the Orchestrator plug-in for vSphere Web Client does not update automatically.

The issue is resolved in this release.

Orchestrator services do not start when upgrading to Orchestrator 6.0.2 Windows standalone
If you are upgrading the Windows standalone version of Orchestrator 6.0.1 to Orchestrator 6.0.2, the upgrade is successful, but the Orchestrator services do not start.

The issue is resolved in this release.

Known Issues

Orchestrator installer does not complete upgrading.
If you are upgrading Orchestrator 5.5.1 or earlier to version 6.0.x, without upgrading the Single Sign-On that the Orchestrator server is configured to use, the installer does not complete upgrading. All versions of Single Sign-On that work with vCenter Server 5.5 update 1 and earlier are incompatible with Orchestrator server 5.5.2 and later.

Workaround: Stop the Orchestrator server service before proceeding with the upgrade. After the upgrade is complete, open the Orchestrator configuration interface, update your authentication configuration, and start the Orchestrator server service.

Export of Orchestrator configuration might fail when you upgrade vSphere to version 6.0
If you attempt to upgrade vSphere to version 6.0 after installing it in a custom location, you receive an Export of source Orchestrator configuration failed error message, and your Orchestrator configuration data is not transferred.

Restarting Orchestrator server service after reinstalling plug-ins adds Java exceptions to the logs
On the Troubleshooting tab of the Orchestrator configuration interface, if you reinstall plug-ins by clicking Reset current version and then restart the Orchestrator server, several Java exceptions are written to the Orchestrator server logs.

You might be unable to configure the LDAP settings if your LDAP password contains non-ASCII characters
While configuring the LDAP settings in the Orchestrator configuration interface, if the LDAP password that you enter contains non-ASCII characters, the attempt might fail with an Unable to connect to LDAP Server error message. This issue occurs under the following conditions:

When the LDAP password contains characters such as  and ÿ in German and French locales.

When the LDAP password contains any native characters in Japanese, Korean, and Simplified Chinese locales.

Problems handling non-ASCII characters in certain contexts
Using non-ASCII characters in input parameters results in incorrect behavior in the following situations:

If you run the SCP put or SCP get workflows from the SSH folder on a file with a name that contains non-ASCII characters, the workflow runs, but name of the resulting file on the destination machine is garbled.

If you try to insert non-ASCII characters into attribute names, the characters do not appear. The issue occurs for workflow attributes and action attributes.

Configuration Issues

Exported configuration with a password cannot be reimported
If you export your Orchestrator configuration with a password, and attempt to reimport it, you receive a Could not import the configuration.: javax.crypto.BadPaddingException: Given final block not properly padded error message and the import of the configuration fails.

Changes might not be added when exporting configuration settings from the Orchestrator configuration interface
If you are exporting Orchestrator configuration data through the Orhestrator configuration interface, changes might not be added to the exported configuration package. This can lead to incorrectly configured nodes when configuring a cluster.

The Orchestrator configuration interface might display a validation error
If you have a correctly configured vRealize Orchestrator with Single Sign-On authentication, you might see a validation error on the Authentication tab in the Orchestrator configuration interface.

Workaround: Restart the Orchestrator configuration server.

The Orchestrator configuration interface does not load after a restart
If you restart the Orchestrator configuration server, the page does not load or loads without an applied style sheet.

Workaround: Access the Orchestrator Configuration page after a minute.

vCenter Server objects not accessible in the vSphere Web Client
Orchestrator cannot access vCenter Server objects in the vSphere Web Client if the vCenter Server instance that you are attempting to access is registered in Orchestrator by IP address.

Workaround: Register the vCenter Server instance by host name.

The Orchestrator server might become unavailable, after you modify the Single Sign-On settings by running a workflow from the Configuration plug-in
You must always restart the Orchestrator server right after running a workflow for configuring the Single Sign-On settings, otherwise the Orchestrator server might become unavailable. The new Single Sign-On settings are applied after the server restarts. For this reason, if you are performing an automatic configuration of Orchestrator server through workflows, make sure that the Single Sign-On configuration is the last step of the process and is performed right before you restart the Orchestrator server.

Orchestrator authentication configuration might become invalid, if the vCenter Single Sign-On server certificate changes or regenerates
When Orchestrator is configured to use vCenter Single Sign-On, if the certificate of the vCenter Single Sign-On server changes or regenerates, the Orchestrator authentication configuration becomes invalid and the Orchestrator server cannot start.

Workaround: To work around this issue, import the new vCenter Single Sign-On certificate:

Log in to the Orchestrator configuration interface as vmware.

Click Network.

In the right pane, click the SSL Trust Manager tab.

Load the vCenter Single Sign-On SSL certificate from a URL or a file.

Click Import.

Click Startup Options.

Click Restart the Orchestrator configuration server to restart the Orchestrator Configuration service after adding the new SSL certificate.

Orchestrator does not work with forest and external trusts in Active Directory

Multiple domains that are not in the same tree but have a two-way trust, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are not supported.

Support for TNSNames missing when you connect to an Oracle database
You cannot use TNSNames to connect to an Oracle database. You can connect to an Oracle database using an IP address or a DNS name.

SSL certificate is not loaded when you import configuration from previous installation
If you import the configuration of a previous installation into the current installation, the SSL certificate from the old installation is not loaded. In the Orchestrator configuration interface, the Server Certificate tab shows a red triangle.

Workaround: Import the certificate manually.

Restricted access to vCenter Server inventory can cause errors if you select Session per user
If you select the Session per user option on the vCenter Server tab of the configuration interface, attempting to access the vCenter Server inventory might result in some errors for a user with restricted access to inventory objects.

No error message is displayed on the Network tab of the Orchestrator configuration interface when a network port is already in use
The network configuration is saved successfully without errors even when the port numbers that you enter are already in use on your host.

Workaround: Make sure the port numbers you enter on the Network tab are available.

Client Issues

The Orchestrator client does not start on Mac machines running Java 8.
If you are using the vRealize Orchestrator Java Web start application or the installable client on a Mac machine running Java 8, you are not able to start the Orchestrator client.

Workaround: Use the Orchestrator client Mac App from vRealize Orchestrator Appliance Home page.

Adding parameters to a composite type might result in a JDBC error
If you use the Orchestrator client to define a composite return type and add parameters with long field names, the composite type name might exceed 100 characters, which results in a JDBC error. Consequently, you cannot save the composite type.

Deleting a package with Keep shared selected also deletes shared content
If you have an embedded workflow and another workflow in separate packages and try to delete the package with the embedded workflow by selecting the Keep shared option, the shared content is deleted with the package.

Workaround: To restore the deleted workflow, access the folder in which the shared workflow was located, use the Restore deleted workflows option, and select the workflows to restore.

The Retrieve messages (via MailClient) workflow does not display the message content
If you are using the Retrieve messages (via MailClient) workflow with Office 365 or Microsoft Exchange Server, the received messages are with no content.

Workaround: Call the enableImapCompatibilityMode() method on a MailClient object before calling the connect() method.

Use of the Orchestrator client through Java WebStart if the Orchestrator Appliance is behind Network Address Translation (NAT) is not supported

The Revert option for the parameters table does not revert to the last saved state
When you add a parameter to an action script, you cannot remove it using the Revert option on the Scripting tab of the Edit Actions view.

Workaround: Right-click the parameter and click Delete Selected.

Invalid input is accepted as the input value for workflow attributes of number type
Format validation has been disabled on workflow attributes that are of the number type. Invalid input values are accepted without any warning, and workflows are saved successfully, which can lead to unpredictable results.

Miscellaneous Issues

vCenter Server plug-in does not have valid credentials after upgrading to Orchestrator 6.0.x
If you upgrade Orchestrator to 6.0.x, the vCenter Server plug-in does not have valid credentials.

Workaround: After upgrading Orchestrator, update the vCenter Server instance and configure a password for the user.

vRealize Orchestrator displays the vCenter Server plug-in as unusable
After you upgrade vRealize Orchestrator to version 6.0.x, if you have not upgraded the Site Recovery Manager plug-in to version 6.0.0, the vCenter Server plug-in becomes unusable.

Workaround: Upgrade the Site Recovery Manager plug-in to version 6.0.0 or disable the Site Recovery Manager 5.8.0 plug-in.

The Orchestrator configuration interface might not be accessible with Internet Explorer 11
If you are using Internet Explorer 11, you might be unable to log in to the Orchestrator configuration interface.

Workaround: Install Internet Explorer version 11.0.11 or a recent version of Google Chrome or Mozilla Firefox.

The workflow token remains uncompleted, if a workflow has a slash in its name
If you have a workflow with a slash in its name, when you run the workflow, the workflow token might never change to completed, although the workflow itself has completed running.

Workaround: Remove the slash from the name of the workflow.

The Convert disks to thin provisioning workflow does not handle virtual machines with snapshots correctly and does not convert the thick-provisioned disks
On completion, the Convert disks to thin provisioning workflow reports that the thick-provisioned disks of virtual machines with snapshots are successfully converted to thin-provisioned, when they are actually not.

Workaround: Do not include virtual machines with snapshots in the workflow.

Windows Server 2008 automatically renames VMOAPP and DAR files to ZIP causing the application installation and plug-in upload in the Orchestrator configuration interface to fail
If you are running Orchestrator on Windows Server 2008, the extension of the archives you download is automatically changed to ZIP. When you are installing an application or uploading a plug-in by using the Orchestrator configuration interface, you must use a VMOAPP or DAR file.

Workaround: Change the ZIP extension back to either VMOAPP or DAR to use the downloaded archive in the Orchestrator configuration interface.

Adding values to vCenter Server data object properties of type Array is impossible
When Orchestrator runs scripts, the vCenter Server plug-in converts JavaScript arrays to Java arrays of a fixed size. As a result, you cannot add new values to vCenter Server data objects that take arrays as property values. You can create an object that takes an array as a property if you instantiate that object by passing it a prefilled array. However, after you have instantiated the object, you cannot add values to the array.

In the above code, Orchestrator converts the empty spec.deviceChange JavaScript array into the fixed-size Java array VirtualDeviceConfigSpec[] before it calls setDeviceChange(). When calling spec.deviceChange[0] = new VcVirtualDeviceConfigSpec(), Orchestrator calls getDeviceChange() and the array remains a fixed, empty Java array. Calling spec.deviceChange.add() results in the same behavior.

Workflows cannot start with input parameters of type SecureString, that take a null value
You cannot start a workflow with a null value if that workflow takes a SecureString as an input parameter, unless you start the workflow from within another workflow. If you start a workflow with a null value when that workflow takes a SecureString as an input parameter, the server loads attributes from the cache rather than from the Orchestrator database, resulting in a null input parameter. If you then change the workflow state to passive by implementing a long-running workflow element, the attributes are reloaded from the database, converting the null value into an empty string. This is the only way you can use a null value to start a workflow that requires a SecureString input parameter.